Pseudonymous Proxy Server ("PPS"): Figures & Examples: 

Fig 1: User Creates and Validates the User's Pseudonym (Prior Art)

User blinds Pseudonym & Provider Identifier with Random Factor

Transmit signed message to Validating Agency Server

Validation Server signs Pseudonym and Returns to User

User is in receipt of Validated Pseudonym

Fig 2: Pseudonymized Message is Routed through Proxy Server which Re-Identifies the
Pseudonymized Data, Routes the Re-Identified Message to the Information Server and
Routes Response to User (Prior Art)

Client Processor Forms Encrypted Message with signed validated pseudonym

Message is routed to Proxy Server

Proxy Server decodes Message

Proxy Server forwards Message to identified information server

Information server processes received request

Information server transmits response to proxy server

Proxy server creates response message to user

Client Processor Tabulates User Interest

Client Processor Transmits Message to Proxy Server to Update Profile Interest
Summary



Fig 3: User Creates and Validates the User's UID that can be used as a Pseudonym and
ACRS that govern the User's Access to Actual vs. Pseudonymous Data.

User is entered into the system as a "Person" and assigned a UID

User is registered in the System as a User Type with associated Pseudonym
and ACRS

User selects (or system assigns) Service Provider Identifier

PPS provides blind pseudonym & Service Provider identifier with a random
factor

Signed message is transmitted from User to Provider through PPS

PPS receives message and, based on ACRS, validates relationship between User,
Provider and/or PDO

PPS authorizes System to enable User to view PDO's Actual PD or Pseudonyms,
based on ACRS

User receives from System PDO's Actual PD and/or Pseudonyms, based on ACRS



Fig 4: Pseudonymized Message is Routed through Proxy Server which Re-Identifies the
Pseudonymized Data, Routes the Re-Identified Message to the Information Server and
Routes Response to User in the form of Actual or Pseudonymous Data, based on the ACRS

Client Processor Forms Encrypted Message with signed validated pseudonym
requesting PDO's PD

Message is routed to Proxy Server

Proxy Server decodes Message

Based upon the User's UID and the Individual PDO's UID, the proxy server
directs the message to the Information Server designated for processing that
message.

Information server processes received request according to the appropriate
ACRS relating to that User and PDO

In accordance with the message request information, Server formulates ACRS-based
response in accordance with the signed, validated pseudonym and User
identifier

Upon receiving response from Information server, proxy server transmits
pseudonymized and encrypted response message to User's client processor and
enables decryption of the message for User access.

Proxy server authorizes User access to pseudonymized or actual PD based on
ACRS relating to that User and PDO

Fig 5:

User Requests Private Data (PD). Pseudonymous Proxy Server (PPS): 1. Identifies User by
UID or UNID; 2. Validates request; and 3. Grants User access to Actual or Pseudonymous
data, in accordance with the ACRS implemented by the PPS, which is also known as the
UID-ACRS controller.



Figure 6:

UID-ACRS Controller is a form of PPS that can be implemented to control UIDs and ACRS
among multiple servers in a "Hub and Spoke" network configuration. The UID-ACRS
Controller maximizes control over all Individual UID assignments and Users' ACRS to
maximize security, privacy and accountability when the User accesses Private Data
(pseudonymous and actual per the ACRS)

Figure 7: Multicast/Computer Network Tree with UNID-ACRS Controller

UNID-ACRS Controller is a form of PPS that can be implemented to control UIDs and ACRS
among multiple servers in a "Network Tree" configuration. The UNID-ACRS Controller
maximizes control over all Individual UID assignments and Users' ACRS throughout all
Servers in the Network Tree to maximize security, privacy and accountability when the User
accesses Private Data (pseudonymous and actual per the ACRS)



Fig 8: Medical/Legal. Patient authorizes Dr. A to release partially pseudonymized medical
records to Dr. B.

Dr. A - Server 1 - Maintains Patient's Medical record with ACRS governing
access for Dr. A's staff and limited access for Patient

Patient routes message to Dr. A with signed Authorization to release records
attached, requesting that Dr. A grant access to Patient's medical records to Dr. B

Proxy Server codes Message to Pseudonymize identity of Dr. B. Dr. A's ACRS
replaces Dr. B's name with a Pseudonym.

Based upon the service provider identifier associated with the message, the proxy
server forwards the message to Dr. B (or an identified information server - Server
S2 designated by Dr. B and synchronized with Dr. A's server per ACRS)

Information server processes request and grants ACRS to Dr. B in accordance
with Authorization granted by Patient (e.g. release everything but address and
social security number)

In accordance with the message request information, Server forwards the message
to Dr. B with ACRS-based pseudonymization of PD

Dr. B logs onto the system which identifies Dr. B as a User with the appropriate
ACRS as granted to Dr. B by Patient.

Dr. B accesses Patient's Medical Records with specific PD pseudonymized in
accordance with Dr. B's ACRS.
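
An added example, not part of the original figures: a Python model of the Fig 5 and Fig 8 flows, in which the PPS returns actual or pseudonymized fields according to the requester's ACRS and re-identifies a pseudonym only where that ACRS grants actual PD. The record fields, UIDs, key, HMAC-based pseudonym scheme and the representation of an ACRS as a per-field rule map are assumptions made for illustration, and the Patient's signed Authorization is assumed to have been verified already.

```python
import hashlib
import hmac

PPS_KEY = b"constructed-demo-key"   # assumption: secret held only by the PPS
RECORDS = {"pdo-001": {"name": "Pat Example", "address": "1 Sample St",
                       "ssn": "000-00-0000", "diagnosis": "wrist fracture"}}
ACRS = {}        # (user UID, PDO UID) -> {field: "actual" | "pseudonym"}
_REIDENT = {}    # pseudonym -> (PDO UID, field), kept inside the PPS only


def pseudonym(pdo_uid, field, value):
    """Keyed, deterministic pseudonym; cannot be recomputed without PPS_KEY."""
    msg = "\x1f".join((pdo_uid, field, value)).encode()
    token = "psn-" + hmac.new(PPS_KEY, msg, hashlib.sha256).hexdigest()[:16]
    _REIDENT[token] = (pdo_uid, field)
    return token


def authorize_release(pdo_uid, grantee_uid, pseudonymize):
    """Fig 8: turn an (already verified) authorization into the grantee's ACRS."""
    ACRS[(grantee_uid, pdo_uid)] = {
        field: "pseudonym" if field in pseudonymize else "actual"
        for field in RECORDS[pdo_uid]}


def request_pd(user_uid, pdo_uid):
    """Fig 5: identify the User, validate the request, answer per the ACRS."""
    rules = ACRS.get((user_uid, pdo_uid))
    if rules is None:
        raise PermissionError(f"no ACRS links {user_uid} to {pdo_uid}")
    view = {}
    for field, value in RECORDS[pdo_uid].items():
        mode = rules.get(field)          # fields without a rule are withheld
        if mode == "actual":
            view[field] = value
        elif mode == "pseudonym":
            view[field] = pseudonym(pdo_uid, field, value)
    return view


def reidentify(user_uid, token):
    """PPS-side re-identification, allowed only where the ACRS grants actual PD."""
    pdo_uid, field = _REIDENT[token]
    if ACRS.get((user_uid, pdo_uid), {}).get(field) != "actual":
        raise PermissionError(f"{user_uid} may not re-identify {field}")
    return RECORDS[pdo_uid][field]


# Dr. A (record holder) sees actual PD; Dr. B gets the Fig 8 partial release.
authorize_release("pdo-001", "dr-a", pseudonymize=set())
authorize_release("pdo-001", "dr-b", pseudonymize={"address", "ssn"})
```

Calling `request_pd("dr-b", "pdo-001")` returns the name and diagnosis in the clear and `psn-` tokens for address and social security number; a requester with no ACRS entry is rejected before any record is read.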